Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker Image Change #1207

Merged
merged 55 commits into from
Feb 19, 2025
Merged

Docker Image Change #1207

merged 55 commits into from
Feb 19, 2025

Conversation

BinamB
Copy link
Contributor

@BinamB BinamB commented Dec 13, 2024
edited
Loading

Related PR: https://github.com/uc-cdis/cloud-automation/pull/2682/files

Without the cloud-auto PR, we're not able to successfully deploy fence.

Improvements

  • Update to use new Amazon Linux base image and use the same structure as our other python services.
  • Utilizing "gen3" user instead of "root" for more secure containers
  • Moving to Poetry to manage our virtual environments
  • Multi-stage Docker builds for smaller images
  • Move to Gunicorn

@github-actions GitHub Actions
Copy link

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

Please find the ci env pod logs here

nss10
nss10 reviewed Dec 16, 2024
View reviewed changes
Copy link
Contributor

@nss10 nss10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look good. Just a couple of questions, and will approve.

Dockerfile Outdated
libxcrypt-compat-4.4.33 \
libpq-15.0 && \
echo "Installing RPM"; \
rpm -i https://ccrypt.sourceforge.net/download/1.11/ccrypt-1.11-1.x86_64.rpm; \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed we are using an x86 binary for ARM. Will this be emulated for ARM during use? Has any testing been done to confirm its functionality?

pyproject.toml Outdated
@@ -22,7 +22,7 @@ cached_property = "^1.5.1"
cdiserrors = "<2.0.0"
cdislogging = "^1.0.0"
cdispyutils = "^2.0.1"
flask = ">=3.0.0"
flask = "^2.2.3"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you clarify the reason for downgrading Flask?

@nss10 nss10 removed the TestDbgap label Feb 12, 2025
@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#f14c4c}{\tt{failed}}$$ SUBTOTAL
$$\textcolor{#f14c4c}{\tt{tests/test\_ras\_authn.py}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#23d18b}{\tt{passed}}$$ $$\textcolor{#f14c4c}{\tt{failed}}$$ $$\textcolor{#ffa500}{\tt{skipped}}$$ SUBTOTAL
$$\textcolor{#23d18b}{\tt{tests/test\_oauth2.py}}$$ $$\textcolor{#23d18b}{\tt{15}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{15}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_centralized\_auth.py}}$$ $$\textcolor{#23d18b}{\tt{16}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{16}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_data\_upload.py}}$$ $$\textcolor{#23d18b}{\tt{8}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{9}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_presigned\_url.py}}$$ $$\textcolor{#23d18b}{\tt{7}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{7}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_dbgap.py}}$$ $$\textcolor{#23d18b}{\tt{4}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_user\_token.py}}$$ $$\textcolor{#23d18b}{\tt{5}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_drs\_endpoint.py}}$$ $$\textcolor{#23d18b}{\tt{4}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{4}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_ras\_authn.py}}$$ $$\textcolor{#23d18b}{\tt{1}}$$ $$\textcolor{#f14c4c}{\tt{2}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_oidc\_client.py}}$$ $$\textcolor{#23d18b}{\tt{2}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{2}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_google\_data\_access.py}}$$ $$\textcolor{#23d18b}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_audit\_service.py}}$$ $$\textcolor{#23d18b}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_client\_credentials.py}}$$ $$\textcolor{#23d18b}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_register\_user.py}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#ffa500}{\tt{2}}$$ $$\textcolor{#ffa500}{\tt{2}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$ $$\textcolor{#23d18b}{\tt{65}}$$ $$\textcolor{#f14c4c}{\tt{2}}$$ $$\textcolor{#ffa500}{\tt{4}}$$ $$\textcolor{#f14c4c}{\tt{71}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@k-burt-uch
Copy link
Contributor

I manually verified the RAS AuthN test cases that are failing as follows:

  1. Updated qa-dcp to use this PR's branch
  2. Changed fence-config secret to use the RAS BDC Staging New clientId and clientSecret for the ras OPENID_CONNECT (In keeper)
  3. gen3 kube-setup-fence
  4. Verified I can log in
  5. Changed fence-config secret to remove the ga4gh_passport from scope (this simulates the second failing RAS AuthN test case)
  6. gen3 kube-setup-fence
  7. Verified I can log in.

I've reverted the changes on qa-dcp.

@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#23d18b}{\tt{passed}}$$ $$\textcolor{#f14c4c}{\tt{failed}}$$ $$\textcolor{#ffa500}{\tt{skipped}}$$ SUBTOTAL
$$\textcolor{#23d18b}{\tt{tests/test\_centralized\_auth.py}}$$ $$\textcolor{#23d18b}{\tt{16}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{16}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_oauth2.py}}$$ $$\textcolor{#23d18b}{\tt{5}}$$ $$\textcolor{#f14c4c}{\tt{10}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{15}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_data\_upload.py}}$$ $$\textcolor{#23d18b}{\tt{8}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{9}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_presigned\_url.py}}$$ $$\textcolor{#23d18b}{\tt{7}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{7}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_user\_token.py}}$$ $$\textcolor{#23d18b}{\tt{5}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_drs\_endpoint.py}}$$ $$\textcolor{#23d18b}{\tt{4}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{4}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_dbgap.py}}$$ $$\textcolor{#23d18b}{\tt{3}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#f14c4c}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_oidc\_client.py}}$$ $$\textcolor{#23d18b}{\tt{2}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{2}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_audit\_service.py}}$$ $$\textcolor{#23d18b}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_client\_credentials.py}}$$ $$\textcolor{#23d18b}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_ras\_authn.py}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_google\_data\_access.py}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_register\_user.py}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#ffa500}{\tt{2}}$$ $$\textcolor{#ffa500}{\tt{2}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$ $$\textcolor{#23d18b}{\tt{52}}$$ $$\textcolor{#f14c4c}{\tt{15}}$$ $$\textcolor{#ffa500}{\tt{4}}$$ $$\textcolor{#f14c4c}{\tt{71}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#23d18b}{\tt{passed}}$$ $$\textcolor{#f14c4c}{\tt{failed}}$$ $$\textcolor{#ffa500}{\tt{skipped}}$$ SUBTOTAL
$$\textcolor{#f14c4c}{\tt{tests/test\_dbgap.py}}$$ $$\textcolor{#23d18b}{\tt{3}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#f14c4c}{\tt{5}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_oauth2.py}}$$ $$\textcolor{#23d18b}{\tt{5}}$$ $$\textcolor{#f14c4c}{\tt{10}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{15}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_ras\_authn.py}}$$ $$\textcolor{#23d18b}{\tt{2}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_google\_data\_access.py}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$ $$\textcolor{#23d18b}{\tt{10}}$$ $$\textcolor{#f14c4c}{\tt{13}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#f14c4c}{\tt{24}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#23d18b}{\tt{passed}}$$ $$\textcolor{#f14c4c}{\tt{failed}}$$ $$\textcolor{#ffa500}{\tt{skipped}}$$ SUBTOTAL
$$\textcolor{#f14c4c}{\tt{tests/test\_dbgap.py}}$$ $$\textcolor{#23d18b}{\tt{3}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#f14c4c}{\tt{5}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_oauth2.py}}$$ $$\textcolor{#23d18b}{\tt{5}}$$ $$\textcolor{#f14c4c}{\tt{10}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{15}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_ras\_authn.py}}$$ $$\textcolor{#23d18b}{\tt{2}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{3}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_google\_data\_access.py}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$ $$\textcolor{#23d18b}{\tt{10}}$$ $$\textcolor{#f14c4c}{\tt{13}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#f14c4c}{\tt{24}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#23d18b}{\tt{passed}}$$ $$\textcolor{#f14c4c}{\tt{failed}}$$ $$\textcolor{#ffa500}{\tt{skipped}}$$ SUBTOTAL
$$\textcolor{#ffa500}{\tt{tests/test\_dbgap.py}}$$ $$\textcolor{#23d18b}{\tt{4}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{5}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_oauth2.py}}$$ $$\textcolor{#23d18b}{\tt{14}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#f14c4c}{\tt{15}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_ras\_authn.py}}$$ $$\textcolor{#23d18b}{\tt{3}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{3}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_google\_data\_access.py}}$$ $$\textcolor{#23d18b}{\tt{1}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#666666}{\tt{0}}$$ $$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$ $$\textcolor{#23d18b}{\tt{22}}$$ $$\textcolor{#f14c4c}{\tt{1}}$$ $$\textcolor{#ffa500}{\tt{1}}$$ $$\textcolor{#f14c4c}{\tt{24}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#23d18b}{\tt{passed}}$$ $$\textcolor{#f14c4c}{\tt{failed}}$$ SUBTOTAL
$$\textcolor{#f14c4c}{\tt{tests/test\_oauth2.py}}$$ $$\textcolor{#23d18b}{\tt{5}}$$ $$\textcolor{#f14c4c}{\tt{10}}$$ $$\textcolor{#f14c4c}{\tt{15}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$ $$\textcolor{#23d18b}{\tt{5}}$$ $$\textcolor{#f14c4c}{\tt{10}}$$ $$\textcolor{#f14c4c}{\tt{15}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@github-actions GitHub Actions
Copy link

filepath $$\textcolor{#23d18b}{\tt{passed}}$$ SUBTOTAL
$$\textcolor{#23d18b}{\tt{tests/test\_oauth2.py}}$$ $$\textcolor{#23d18b}{\tt{15}}$$ $$\textcolor{#23d18b}{\tt{15}}$$
$$\textcolor{#23d18b}{\tt{TOTAL}}$$ $$\textcolor{#23d18b}{\tt{15}}$$ $$\textcolor{#23d18b}{\tt{15}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

@nss10 nss10 merged commit b2fa0ae into master Feb 19, 2025
9 checks passed
@nss10 nss10 deleted the chore/ccrypt_usersync branch February 19, 2025 18:10
AlbertSnows pushed a commit that referenced this pull request Feb 21, 2025
@BinamB @jawadqur
@EliseCastle23 @Avantol13 @nss10 @AlbertSnows
Docker Image Change to Amazon Linux (#1207)
d2dfa09 
* Update to use new Amazon Linux base image and use the same structure as our other python services.
* Utilizing "gen3" user instead of "root" for more secure containers
* Moving to Poetry to manage our virtual environments
* Multi-stage Docker builds for smaller images
* Move to Gunicorn
---------

Co-authored-by: Jawad Qureshi <qureshi@uchicago.edu>
Co-authored-by: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com>
Co-authored-by: Alexander VanTol <avantol@uchicago.edu>
Co-authored-by: Alexander VanTol <Avantol13@users.noreply.github.com>
Co-authored-by: Sai Shanmukha <nss10@outlook.com>
Co-authored-by: J. Q. <55899496+jawadqur@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nss10 nss10 nss10 left review comments

@Avantol13 Avantol13 Avantol13 approved these changes

Assignees
No one assigned
Labels
TestOauth2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@BinamB @coveralls @k-burt-uch @Avantol13 @nss10 @PlanXCyborg @EliseCastle23 @krishnaa05 @jawadqur